Re: [Cryptography] encoding formats should not be committee'ized

2013-10-02 Thread Viktor Dukhovni
On Wed, Oct 02, 2013 at 09:09:05AM -0400, Phillip Hallam-Baker wrote: > SMTP does not have nested structures or need > them. A lot of application protocols do. MIME: RFC 2045 - 2048, ... A rather complex nested structure, and frankly rather more ambiguous in practice than ASN.1. For example, wh

Re: [Cryptography] NIST about to weaken SHA3?

2013-09-30 Thread Viktor Dukhovni
On Tue, Oct 01, 2013 at 07:21:03AM +1000, James A. Donald wrote: > On 2013-10-01 00:44, Viktor Dukhovni wrote: > >Should one also accuse ESTREAM of maliciously weakening SALSA? Or > >might one admit the possibility that winning designs in contests > >are at times quite cons

Re: [Cryptography] NIST about to weaken SHA3?

2013-09-30 Thread Viktor Dukhovni
On Mon, Sep 30, 2013 at 05:45:52PM +1000, James A. Donald wrote: > On 2013-09-30 14:34, Viktor Dukhovni wrote: > >On Mon, Sep 30, 2013 at 05:12:06AM +0200, Christoph Anton Mitterer wrote: > > > >>Not sure whether this has been pointed out / discussed here already (bu

Re: [Cryptography] NIST about to weaken SHA3?

2013-09-29 Thread Viktor Dukhovni
On Mon, Sep 30, 2013 at 05:12:06AM +0200, Christoph Anton Mitterer wrote: > Not sure whether this has been pointed out / discussed here already (but > I guess Perry will reject my mail in case it has): > > https://www.cdt.org/blogs/joseph-lorenzo-hall/2409-nist-sha-3 I call FUD. If progress is

Re: [Cryptography] RSA equivalent key length/strength

2013-09-29 Thread Viktor Dukhovni
On Mon, Sep 30, 2013 at 10:07:14AM +1000, James A. Donald wrote: > Therefore, everyone should use Curve25519, which we have every > reason to believe is unbreakable. Superseded by the improved Curve1174. http://cr.yp.to/elligator/elligator-20130527.pdf -- Viktor. _

Re: [Cryptography] RSA equivalent key length/strength

2013-09-28 Thread Viktor Dukhovni
On Fri, Sep 27, 2013 at 11:23:27AM -0400, Phillip Hallam-Baker wrote: > Actually, it turns out that the problem is that the client croaks if the > server tries to use a key size that is bigger than it can handle. Which > means that there is no practical way to address it server side within the > c

Re: [Cryptography] RSA equivalent key length/strength

2013-09-24 Thread Viktor Dukhovni
On Sat, Sep 21, 2013 at 05:07:02PM -0700, Patrick Pelletier wrote: > and there was a similar discussion on the OpenSSL list recently, > with GnuTLS getting "blamed" for using the ECRYPT recommendations > rather than 1024: > > http://www.mail-archive.com/openssl-users@openssl.org/msg71899.html Gn
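The "RSA equivalent key length/strength" thread above turns on how a modulus size (RSA, or a finite-field DH prime as in the GnuTLS/ECRYPT dispute) maps to a symmetric-equivalent security level. The following is an added example, not code from the thread or from any of the projects mentioned: it estimates that level from the asymptotic GNFS cost L_n[1/3, (64/9)^(1/3)], which governs both RSA factoring and finite-field discrete logs, and inverts the estimate to find the smallest modulus reaching a target strength. The calibration (1024-bit modulus taken as 80 bits of security, as in NIST SP 800-57) and the reference table in main() are assumptions of this example, not figures from the thread.

```python
"""Estimate symmetric-equivalent security for an RSA modulus or a
finite-field DH prime from its bit length, and find the smallest
modulus that reaches a target strength.

Heuristic: log2 of the GNFS running time L_n[1/3, c], c = (64/9)^(1/3),
shifted so that 1024 bits maps to 80 bits of security. That anchor is
an assumption of this example (it follows NIST SP 800-57).
"""
import math

GNFS_C = (64.0 / 9.0) ** (1.0 / 3.0)  # ~1.923, the constant in L_n[1/3, c]

# Assumed calibration anchor: 1024-bit modulus ~ 80-bit symmetric strength.
ANCHOR_BITS = 1024
ANCHOR_STRENGTH = 80.0


def gnfs_log2_work(modulus_bits: int) -> float:
    """Uncalibrated log2 of L_n[1/3, c] for n ~ 2**modulus_bits."""
    ln_n = modulus_bits * math.log(2.0)
    work = GNFS_C * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0)
    return work / math.log(2.0)


def security_bits(modulus_bits: int) -> float:
    """Calibrated estimate of symmetric-equivalent strength, in bits.

    The same curve is used for RSA moduli and finite-field DH primes,
    since both are attacked with L[1/3] index-calculus methods.
    """
    if modulus_bits < 512:
        raise ValueError("modulus too small for the asymptotic heuristic")
    return (gnfs_log2_work(modulus_bits)
            - gnfs_log2_work(ANCHOR_BITS)
            + ANCHOR_STRENGTH)


def min_modulus_bits(target_strength: float, step: int = 1) -> int:
    """Smallest modulus size (stepping by `step` bits from 512) whose
    estimated strength is at least `target_strength`."""
    bits = 512
    while security_bits(bits) < target_strength:
        bits += step
    return bits


if __name__ == "__main__":
    # Reference equivalences as published in NIST SP 800-57 (assumed here
    # only for side-by-side comparison with the heuristic).
    nist_reference = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}
    print(f"{'modulus':>8} {'estimate':>9} {'NIST':>5}")
    for size, ref in nist_reference.items():
        print(f"{size:>8} {security_bits(size):>9.1f} {ref:>5}")
    for target in (80, 112, 128):
        print(f"target {target:3d} bits -> at least "
              f"{min_modulus_bits(target, step=8)} bits (step 8)")
```

Because the heuristic is asymptotic and the anchor is a single calibration point, treat the output as an order-of-magnitude guide, not a policy: it explains why 1024-bit DH groups sit near the 80-bit floor that ECRYPT and NIST stopped recommending, and why a client that cannot handle larger DH primes caps the whole handshake at that level.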

Re: [Cryptography] PRISM-Proofing and PRISM-Hardening

2013-09-18 Thread Viktor Dukhovni
On Wed, Sep 18, 2013 at 08:47:17PM +, Viktor Dukhovni wrote: > On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote: > > > > This is only realistic with DANE TLSA (certificate usage 2 or 3), > > > and thus will start to be realistic for SMTP next year (provid

Re: [Cryptography] PRISM-Proofing and PRISM-Hardening

2013-09-18 Thread Viktor Dukhovni
On Wed, Sep 18, 2013 at 08:04:04PM +0100, Ben Laurie wrote: > > This is only realistic with DANE TLSA (certificate usage 2 or 3), > > and thus will start to be realistic for SMTP next year (provided > > DNSSEC gets off the ground) with the release of Postfix 2.11, and > > with luck also a DANE-cap

Re: [Cryptography] PRISM-Proofing and PRISM-Hardening

2013-09-18 Thread Viktor Dukhovni
On Tue, Sep 17, 2013 at 11:48:40PM -0700, Christian Huitema wrote: > > Given that many real organizations have hundreds of front end > > machines sharing RSA private keys, theft of RSA keys may very well be > > much easier in many cases than broader forms of sabotage. > > Or we could make it easy

Re: [Cryptography] PRISM-Proofing and PRISM-Hardening

2013-09-17 Thread Viktor Dukhovni
On Tue, Sep 17, 2013 at 05:01:12PM -0400, Perry E. Metzger wrote: > (Note that this assumes no cryptographic breakthroughs like doing > discrete logs over prime fields easily or (completely theoretical > since we don't really know how to do it) sabotage of the elliptic > curve system in use.) > >

Re: [Cryptography] People should turn on PFS in TLS (was Re: Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption)

2013-09-11 Thread Viktor Dukhovni
On Tue, Sep 10, 2013 at 12:56:16PM -0700, Bill Stewart wrote: > I thought the normal operating mode for PFS is that there's an > initial session key exchange (typically RSA) and authentication, > which is used to set up an encrypted session, and within that > session there's a DH or ECDH key excha

[Cryptography] Time for djb's Edwards curves in TLS?

2013-09-10 Thread Viktor Dukhovni
Is there a TLS WG draft adding djb's Curve1174 to the list of named curves supported by TLS? If there's credible doubt about the safety of the NIST curves, it seems that Curve1174 (in Edwards form) would make a good choice for EECDH, perhaps coupled with a similar curve with ~512 bits. Slides wit

Re: [Cryptography] Techniques for malevolent crypto hardware

2013-09-08 Thread Viktor Dukhovni
On Sun, Sep 08, 2013 at 06:16:45PM -0400, John Kelsey wrote: > I don't think you can do anything useful in crypto without some > good source of random bits. If there is a private key somewhere > (say, used for signing, or the public DH key used alongside the > ephemeral one), you can combine the

[Cryptography] Speaking of EDH (GnuTLS interoperability)

2013-09-07 Thread Viktor Dukhovni
Some of you may have seen my posts to postfix-users and openssl-users, if so, apologies for the duplication. http://archives.neohapsis.com/archives/postfix/2013-09/thread.html#80 http://www.mail-archive.com/openssl-users@openssl.org/index.html#71903 The short version is that while everyone i